FireBall


SRX3600 Packet header

How should I see the packet headers of an IP address's traffic, and then block matching headers?
btan

You need packet capture (you can also create a pcap from the capture dump for offline archive analysis or related activities): http://kb.juniper.net/InfoCenter/index?page=content&id=KB21563
But be wary of running it long term, as it is meant for debugging or short periods; otherwise performance may be impacted by the storage and high CPU/memory use during such processing.

However, the depth of filtering on IP header fields may not be as granular, as you can see in this example where the security policy includes the IP address and application protocol. You will likely have to explore alternative devices (like a web application firewall for HTTP filtering): http://www.mustbegeek.com/configure-firewall-rule-in-juniper-srx/
Is this Linux or other? If Linux, you can write iptables rules to match on arbitrary bytes in a header.

ASKER

Linux, but the SRX cannot handle small packages; while there is no rule, it is locking.
If you can make a tcpdump expression to view only the problem packets, then you can make a rule to reject them:
1. Use nfbpf_compile to convert the tcpdump expression to the format expected by the iptables bpf extension.
2. Add a bpf rule to accept or reject as required.

Enter man iptables-extensions to see an example.
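
The steps in the answer above, as an added example that is not part of the original post: the script compiles a tcpdump expression with nfbpf_compile, checks the bytecode format, and prints the iptables rule for review instead of applying it. The script name bpf-rule.sh, the INPUT chain, the DROP target and the sample expression are assumptions.

```shell
#!/bin/sh
# Added example: tcpdump expression -> BPF bytecode -> iptables bpf rule.
# The rule is printed for review, never applied by this script.
# Assumed values: chain INPUT, target DROP, and the expression in the usage line.

# Succeeds only for the "N,code jt jf k,..." decimal form that --bytecode takes.
# N must equal the number of instructions; xt_bpf accepts at most 64 of them.
valid_bytecode() {
    printf '%s\n' "$1" | awk -F, '
        ($1 !~ /^[0-9]+$/) || (NF != $1 + 1) || ($1 > 64) { exit 1 }
        { for (i = 2; i <= NF; i++)
              if ($i !~ /^[0-9]+ [0-9]+ [0-9]+ [0-9]+$/) exit 1 }'
}

# Print the rule text; arguments are chain, bytecode, target.
bpf_rule() {
    printf "iptables -A %s -m bpf --bytecode '%s' -j %s\n" "$1" "$2" "$3"
}

# Usage (constructed expression, hypothetical script name):
#   sh bpf-rule.sh 'src host 192.0.2.10 and less 64'
main() {
    command -v nfbpf_compile >/dev/null 2>&1 ||
        { echo "nfbpf_compile not found" >&2; return 1; }
    # RAW: netfilter hands the match packets starting at the IP header, so
    # offsets compiled for Ethernet (EN10MB) would point at the wrong bytes.
    bc=$(nfbpf_compile RAW "$1") || return 1
    valid_bytecode "$bc" || { echo "unexpected bytecode: $bc" >&2; return 1; }
    bpf_rule "${2:-INPUT}" "$bc" "${3:-DROP}"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

After adding the printed rule, its packet counters in `iptables -L INPUT -v -n` show whether it matches the same traffic the tcpdump expression displayed.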